Grant Alibaba Cloud services lifecycle control over their ENIs to prevent accidental operations and ensure service availability.
Overview
Managed ENIs are controlled by Alibaba Cloud services. You can view managed ENIs in the ECS console or other service consoles, but cannot modify them.
To create a managed ENI:
After you use STS to grant permissions to an Alibaba Cloud service, the service calls the CreateNetworkInterface operation to create an ENI. The created ENI is managed by that service.
Call the DescribeNetworkInterfaces operation and check ServiceManaged and Description in the response to determine whether an ENI is managed.
For a managed ENI, ServiceManaged is true and Description contains the name of the managing service.
API permissions for managed ENIs
You can only query managed ENIs through API. Attempts to manage a managed ENI return the InvalidOperation.EniServiceManaged error. The following table lists API permissions for your Alibaba Cloud account and for the Alibaba Cloud service that created the managed ENI.
|
API |
API operation |
Your account |
Creating service |
|
Queries ENIs. |
Yes |
Yes |
|
|
Deletes an ENI. |
No |
Yes |
|
|
Modifies ENI attributes, such as the name, description, and security groups. |
No |
Yes |
|
|
Attaches an ENI. |
No |
Yes |
|
|
Detaches an ENI. |
No |
Yes |
|
|
Assigns one or more secondary private IP addresses to an ENI. |
No |
Yes |
|
|
Unassigns one or more secondary private IP addresses from an ENI. |
No |
Yes |
|
|
Assigns one or more IPv6 addresses to an ENI. |
No |
Yes |
|
|
Unassigns one or more IPv6 addresses from an ENI. |
No |
Yes |
|
|
Associates an EIP with an ENI. |
No |
Yes |
|
|
Disassociates an EIP from an ENI. |
No |
Yes |
|
|
Associates multiple EIPs with an ENI. |
No |
Yes |
|
|
Purchases Internet bandwidth for an IPv6 address. |
No |
Yes |
|
|
Modifies IPv6 Internet bandwidth. |
Yes |
Yes |
|
|
Deletes IPv6 Internet bandwidth. |
No |
Yes |